apphelp.dll

Description: Application Compatibility Client Library

Version: 10.0.19041.6157

Architecture: 32-bit

Operating System: Windows NT

SHA256: c38fe87c23ef4c35807027681ed894b3

File Size: 639.0 KB

Uploaded At: Dec. 1, 2025, 7:53 a.m.

Views: 7

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

(Ordinal: 19, Address: 0x4be60)
(Ordinal: 20, Address: 0x36140)
(Ordinal: 21, Address: 0x4b9a0)
(Ordinal: 22, Address: 0x4bde0)
(Ordinal: 23, Address: 0x23810)
(Ordinal: 24, Address: 0x4d7a0)
(Ordinal: 25, Address: 0x4d970)
(Ordinal: 26, Address: 0x51d50)
(Ordinal: 27, Address: 0x38d50)
(Ordinal: 28, Address: 0x38f30)
(Ordinal: 29, Address: 0x54ac0)
(Ordinal: 30, Address: 0x54d80)
(Ordinal: 31, Address: 0x544a0)
(Ordinal: 32, Address: 0x520e0)
(Ordinal: 33, Address: 0x52110)
(Ordinal: 34, Address: 0x38a70)
DWM8And16Bit_ChangeDisplaySettingsExW_CallOut (Ordinal: 35, Address: 0x5c5f0)
DWM8And16Bit_DirectDrawCreateEx_CallOut (Ordinal: 36, Address: 0x68d10)
DWM8And16Bit_DirectDrawCreate_CallOut (Ordinal: 37, Address: 0x68d50)
DWM8And16Bit_EnumDisplaySettingsExW_CallOut (Ordinal: 38, Address: 0x5cda0)
DWM8And16Bit_IsShimApplied_CallOut (Ordinal: 39, Address: 0x5d930)
DWM8And16Bit_RestoreDisplayMode_CallOut (Ordinal: 40, Address: 0x68f20)
AllowPermLayer (Ordinal: 41, Address: 0x4a9d0)
ApphelpCheckExe (Ordinal: 42, Address: 0x595b0)
ApphelpCheckIME (Ordinal: 43, Address: 0x49570)
ApphelpCheckInstallShieldPackage (Ordinal: 44, Address: 0x495b0)
ApphelpCheckModule (Ordinal: 45, Address: 0x595e0)
ApphelpCheckMsiPackage (Ordinal: 46, Address: 0x49780)
ApphelpCheckRunApp (Ordinal: 47, Address: 0x59740)
ApphelpCheckRunAppEx (Ordinal: 48, Address: 0x59780)
ApphelpCheckShellObject (Ordinal: 49, Address: 0x2fa50)
ApphelpChpeModSettingsFromQueryResult (Ordinal: 50, Address: 0x5a150)
ApphelpCreateAppcompatData (Ordinal: 51, Address: 0x25800)
ApphelpFixMsiPackage (Ordinal: 52, Address: 0x49a10)
ApphelpFixMsiPackageExe (Ordinal: 53, Address: 0x49cc0)
ApphelpFreeFileAttributes (Ordinal: 54, Address: 0x4ab80)
ApphelpGetFileAttributes (Ordinal: 55, Address: 0x4ab90)
ApphelpGetMsiProperties (Ordinal: 56, Address: 0x49f20)
ApphelpGetNTVDMInfo (Ordinal: 57, Address: 0x49fc0)
ApphelpGetShimDebugLevel (Ordinal: 58, Address: 0x384f0)
ApphelpIsPortMonAllowed (Ordinal: 59, Address: 0x4a070)
ApphelpParseModuleData (Ordinal: 60, Address: 0x59a40)
ApphelpQueryModuleData (Ordinal: 61, Address: 0x59b20)
ApphelpQueryModuleDataEx (Ordinal: 62, Address: 0x234b0)
ApphelpShowDialog (Ordinal: 63, Address: 0x4aba0)
ApphelpUpdateCacheEntry (Ordinal: 64, Address: 0x4aa70)
GetPermLayers (Ordinal: 65, Address: 0x4aaa0)
SE_AddHookset (Ordinal: 66, Address: 0x5af50)
SE_CALLBACK_AddHook (Ordinal: 67, Address: 0x5b010)
SE_CALLBACK_Lookup (Ordinal: 68, Address: 0x5b090)
SE_COM_AddHook (Ordinal: 69, Address: 0x30d30)
SE_COM_AddServer (Ordinal: 70, Address: 0x37ec0)
SE_COM_HookInterface (Ordinal: 71, Address: 0x5b100)
SE_COM_HookObject (Ordinal: 72, Address: 0x5b180)
SE_COM_Lookup (Ordinal: 73, Address: 0x5b200)
SE_DllLoaded (Ordinal: 74, Address: 0x29400)
SE_DllUnloaded (Ordinal: 75, Address: 0x5b260)
SE_DynamicShim (Ordinal: 76, Address: 0x5b2b0)
SE_GetHookAPIs (Ordinal: 77, Address: 0x5b570)
SE_GetMaxShimCount (Ordinal: 78, Address: 0x5b6b0)
SE_GetProcAddressForCaller (Ordinal: 79, Address: 0x2a9d0)
SE_GetProcAddressIgnoreIncExc (Ordinal: 80, Address: 0x5b6c0)
SE_GetProcAddressLoad (Ordinal: 81, Address: 0x5b730)
SE_GetShimCount (Ordinal: 82, Address: 0x5b780)
SE_GetShimId (Ordinal: 83, Address: 0x23c20)
SE_InitializeEngine (Ordinal: 84, Address: 0x255f0)
SE_InstallAfterInit (Ordinal: 85, Address: 0x37a90)
SE_InstallBeforeInit (Ordinal: 86, Address: 0x33500)
SE_IsShimDll (Ordinal: 87, Address: 0x5b7a0)
SE_LdrEntryRemoved (Ordinal: 88, Address: 0x2ebd0)
SE_LdrResolveDllName (Ordinal: 89, Address: 0x35d70)
SE_LookupAddress (Ordinal: 90, Address: 0x5b7f0)
SE_LookupCaller (Ordinal: 91, Address: 0x5b8c0)
SE_ProcessDying (Ordinal: 92, Address: 0x375a0)
SE_ShimDPF (Ordinal: 93, Address: 0x36f80)
SE_ShimDllLoaded (Ordinal: 94, Address: 0x23bd0)
SE_WINRT_AddHook (Ordinal: 95, Address: 0x5ba20)
SE_WINRT_HookObject (Ordinal: 96, Address: 0x5bb00)
SdbAddLayerTagRefToQuery (Ordinal: 97, Address: 0x34fe0)
SdbApphelpNotify (Ordinal: 98, Address: 0x4edb0)
SdbApphelpNotifyEx2 (Ordinal: 99, Address: 0x4edf0)
SdbApphelpNotifyEx (Ordinal: 100, Address: 0x4ee80)
SdbBeginWriteListTag (Ordinal: 101, Address: 0x4b9f0)
SdbBuildCompatEnvVariables (Ordinal: 102, Address: 0x51a30)
SdbCloseApphelpInformation (Ordinal: 103, Address: 0x4efa0)
SdbCloseDatabase (Ordinal: 104, Address: 0x26320)
SdbCloseDatabaseWrite (Ordinal: 105, Address: 0x4bc50)
SdbCloseLocalDatabase (Ordinal: 106, Address: 0x52b20)
SdbCommitIndexes (Ordinal: 107, Address: 0x4bc70)
SdbCreateDatabase (Ordinal: 108, Address: 0x4bd10)
SdbCreateHelpCenterURL (Ordinal: 109, Address: 0x4f040)
SdbCreateMsiTransformFile (Ordinal: 110, Address: 0x532b0)
SdbDeclareIndex (Ordinal: 111, Address: 0x4be30)
SdbDeletePermLayerKeys (Ordinal: 112, Address: 0x51c30)
SdbDumpSearchPathPartCaches (Ordinal: 113, Address: 0x4b250)
SdbEndWriteListTag (Ordinal: 114, Address: 0x4c150)
SdbEnumMsiTransforms (Ordinal: 115, Address: 0x533c0)
SdbEscapeApphelpURL (Ordinal: 116, Address: 0x4f5c0)
SdbFindCustomActionForPackage (Ordinal: 117, Address: 0x53540)
SdbFindFirstDWORDIndexedTag (Ordinal: 118, Address: 0x53f80)
SdbFindFirstGUIDIndexedTag (Ordinal: 119, Address: 0x54010)
SdbFindFirstMsiPackage (Ordinal: 120, Address: 0x535f0)
SdbFindFirstMsiPackage_Str (Ordinal: 121, Address: 0x53630)
SdbFindFirstNamedTag (Ordinal: 122, Address: 0x2c250)
SdbFindFirstStringIndexedTag (Ordinal: 123, Address: 0x35f80)
SdbFindFirstTag (Ordinal: 124, Address: 0x2d180)
SdbFindFirstTagRef (Ordinal: 125, Address: 0x2cf60)
SdbFindMsiPackageByID (Ordinal: 126, Address: 0x536b0)
SdbFindNextDWORDIndexedTag (Ordinal: 127, Address: 0x540b0)
SdbFindNextGUIDIndexedTag (Ordinal: 128, Address: 0x540e0)
SdbFindNextMsiPackage (Ordinal: 129, Address: 0x53730)
SdbFindNextStringIndexedTag (Ordinal: 130, Address: 0x37fc0)
SdbFindNextTag (Ordinal: 131, Address: 0x2d2b0)
SdbFindNextTagRef (Ordinal: 132, Address: 0x2da40)
SdbFormatAttribute (Ordinal: 133, Address: 0x39020)
SdbFreeDatabaseInformation (Ordinal: 134, Address: 0x52680)
SdbFreeFileAttributes (Ordinal: 135, Address: 0x39820)
SdbFreeFileInfo (Ordinal: 136, Address: 0x4b250)
SdbFreeFlagInfo (Ordinal: 137, Address: 0x4d8b0)
SdbGUIDFromString (Ordinal: 138, Address: 0x4b260)
SdbGUIDToString (Ordinal: 139, Address: 0x4b290)
SdbGetAppCompatDataSize (Ordinal: 140, Address: 0x5adb0)
SdbGetAppPatchDir (Ordinal: 141, Address: 0x54ed0)
SdbGetBinaryTagData (Ordinal: 142, Address: 0x2e760)
SdbGetDatabaseGUID (Ordinal: 143, Address: 0x4d8e0)
SdbGetDatabaseID (Ordinal: 144, Address: 0x2e480)
SdbGetDatabaseInformation (Ordinal: 145, Address: 0x526b0)
SdbGetDatabaseInformationByName (Ordinal: 146, Address: 0x526d0)
SdbGetDatabaseMatch (Ordinal: 147, Address: 0x56240)
SdbGetDatabaseVersion (Ordinal: 148, Address: 0x528e0)
SdbGetDllPath (Ordinal: 149, Address: 0x52b40)
SdbGetEntryFlags (Ordinal: 150, Address: 0x57e60)
SdbGetFileAttributes (Ordinal: 151, Address: 0x39630)
SdbGetFileImageType (Ordinal: 152, Address: 0x54e50)
SdbGetFileImageTypeEx (Ordinal: 153, Address: 0x23440)
SdbGetFileInfo (Ordinal: 154, Address: 0x4b2c0)
SdbGetFirstChild (Ordinal: 155, Address: 0x2c530)
SdbGetImageType (Ordinal: 156, Address: 0x52b70)
SdbGetIndex (Ordinal: 157, Address: 0x36290)
SdbGetItemFromItemRef (Ordinal: 158, Address: 0x2e7a0)
SdbGetLayerName (Ordinal: 159, Address: 0x54f40)
SdbGetLayerTagRef (Ordinal: 160, Address: 0x4d9e0)
SdbGetLocalPDB (Ordinal: 161, Address: 0x4da90)
SdbGetMatchingExe (Ordinal: 162, Address: 0x38b30)
SdbGetMsiPackageInformation (Ordinal: 163, Address: 0x537c0)
SdbGetNamedLayer (Ordinal: 164, Address: 0x4dab0)
SdbGetNextChild (Ordinal: 165, Address: 0x2c4d0)
SdbGetNthUserSdb (Ordinal: 166, Address: 0x352b0)
SdbGetPDBFromGUID (Ordinal: 167, Address: 0x4db10)
SdbGetPathCustomSdb (Ordinal: 168, Address: 0x54ff0)
SdbGetPathSystemSdb (Ordinal: 169, Address: 0x2f1b0)
SdbGetPermLayerKeys (Ordinal: 170, Address: 0x51ea0)
SdbGetShowDebugInfoOption (Ordinal: 171, Address: 0x384f0)
SdbGetShowDebugInfoOptionValue (Ordinal: 172, Address: 0x384f0)
SdbGetStandardDatabaseGUID (Ordinal: 173, Address: 0x550c0)
SdbGetStringTagPtr (Ordinal: 174, Address: 0x2c0a0)
SdbGetTagDataSize (Ordinal: 175, Address: 0x2d4a0)
SdbGetTagFromTagID (Ordinal: 176, Address: 0x2d5a0)
SdbGrabMatchingInfo (Ordinal: 177, Address: 0x57fb0)
SdbGrabMatchingInfoEx (Ordinal: 178, Address: 0x57fe0)
SdbInitDatabase (Ordinal: 179, Address: 0x4a990)
SdbInitDatabaseEx (Ordinal: 180, Address: 0x2f7e0)
SdbIsDbRuntimePlatformSupportedOnHost (Ordinal: 181, Address: 0x563f0)
SdbIsNullGUID (Ordinal: 182, Address: 0x78620)
SdbIsStandardDatabase (Ordinal: 183, Address: 0x55140)
SdbIsTagrefFromLocalDB (Ordinal: 184, Address: 0x4dba0)
SdbIsTagrefFromMainDB (Ordinal: 185, Address: 0x4dbc0)
SdbLoadString (Ordinal: 186, Address: 0x4f770)
SdbMakeIndexKeyFromString (Ordinal: 187, Address: 0x54110)
SdbOpenApphelpDetailsDatabase (Ordinal: 188, Address: 0x4f830)
SdbOpenApphelpDetailsDatabaseSP (Ordinal: 189, Address: 0x4b2d0)
SdbOpenApphelpInformation (Ordinal: 190, Address: 0x4f8b0)
SdbOpenApphelpInformationByID (Ordinal: 191, Address: 0x4faa0)
SdbOpenApphelpResourceFile (Ordinal: 192, Address: 0x4fbb0)
SdbOpenDatabase (Ordinal: 193, Address: 0x52a30)
SdbOpenDbFromGuid (Ordinal: 194, Address: 0x4fc70)
SdbOpenLocalDatabase (Ordinal: 195, Address: 0x52c10)
SdbPackAppCompatData (Ordinal: 196, Address: 0x31be0)
SdbQueryApphelpInformation (Ordinal: 197, Address: 0x4fd40)
SdbQueryBlockUpgrade (Ordinal: 198, Address: 0x4de50)
SdbQueryContext (Ordinal: 199, Address: 0x4deb0)
SdbQueryData (Ordinal: 200, Address: 0x38da0)
SdbQueryDataEx (Ordinal: 201, Address: 0x38dd0)
SdbQueryDataExTagID (Ordinal: 202, Address: 0x38e40)
SdbQueryFlagInfo (Ordinal: 203, Address: 0x4e130)
SdbQueryFlagMask (Ordinal: 204, Address: 0x4e190)
SdbQueryName (Ordinal: 205, Address: 0x58cb0)
SdbQueryReinstallUpgrade (Ordinal: 206, Address: 0x4e6e0)
SdbReadApphelpData (Ordinal: 207, Address: 0x4ffd0)
SdbReadApphelpDetailsData (Ordinal: 208, Address: 0x500f0)
SdbReadBYTETag (Ordinal: 209, Address: 0x55df0)
SdbReadBYTETagRef (Ordinal: 210, Address: 0x55e70)
SdbReadBinaryTag (Ordinal: 211, Address: 0x2ed60)
SdbReadDWORDTag (Ordinal: 212, Address: 0x2dc20)
SdbReadDWORDTagRef (Ordinal: 213, Address: 0x236e0)
SdbReadEntryInformation (Ordinal: 214, Address: 0x56460)
SdbReadMsiTransformInfo (Ordinal: 215, Address: 0x53900)
SdbReadPatchBits (Ordinal: 216, Address: 0x52c40)
SdbReadQWORDTag (Ordinal: 217, Address: 0x374d0)
SdbReadQWORDTagRef (Ordinal: 218, Address: 0x37480)
SdbReadStringTag (Ordinal: 219, Address: 0x2e8e0)
SdbReadStringTagRef (Ordinal: 220, Address: 0x2e940)
SdbReadWORDTag (Ordinal: 221, Address: 0x2e420)
SdbReadWORDTagRef (Ordinal: 222, Address: 0x55f80)
SdbRegisterDatabase (Ordinal: 223, Address: 0x545a0)
SdbRegisterDatabaseEx (Ordinal: 224, Address: 0x545c0)
SdbReleaseDatabase (Ordinal: 225, Address: 0x26270)
SdbReleaseMatchingExe (Ordinal: 226, Address: 0x4e7e0)
SdbResolveDatabase (Ordinal: 227, Address: 0x551b0)
SdbSetApphelpDebugParameters (Ordinal: 228, Address: 0x504c0)
SdbSetEntryFlags (Ordinal: 229, Address: 0x55500)
SdbSetImageType (Ordinal: 230, Address: 0x38d80)
SdbSetPermLayerKeys (Ordinal: 231, Address: 0x51f30)
SdbShowApphelpDialog (Ordinal: 232, Address: 0x50590)
SdbShowApphelpFromQuery (Ordinal: 233, Address: 0x250e0)
SdbStartIndexing (Ordinal: 234, Address: 0x4c950)
SdbStopIndexing (Ordinal: 235, Address: 0x4c980)
SdbStringDuplicate (Ordinal: 236, Address: 0x4b2e0)
SdbStringReplace (Ordinal: 237, Address: 0x4b310)
SdbStringReplaceArray (Ordinal: 238, Address: 0x4b340)
SdbTagIDToTagRef (Ordinal: 239, Address: 0x2d920)
SdbTagRefToTagID (Ordinal: 240, Address: 0x2d850)
SdbTagToString (Ordinal: 241, Address: 0x39400)
SdbUnpackAppCompatData (Ordinal: 242, Address: 0x24a60)
SdbUnpackQueryResult (Ordinal: 243, Address: 0x24ac0)
SdbUnregisterDatabase (Ordinal: 244, Address: 0x54be0)
SdbWriteBYTETag (Ordinal: 245, Address: 0x4c9b0)
SdbWriteBinaryTag (Ordinal: 246, Address: 0x4c9f0)
SdbWriteBinaryTagFromFile (Ordinal: 247, Address: 0x4ca30)
SdbWriteDWORDTag (Ordinal: 248, Address: 0x4cb80)
SdbWriteNULLTag (Ordinal: 249, Address: 0x4cbc0)
SdbWriteQWORDTag (Ordinal: 250, Address: 0x4cc00)
SdbWriteStringRefTag (Ordinal: 251, Address: 0x4cc40)
SdbWriteStringTag (Ordinal: 252, Address: 0x4cc80)
SdbWriteStringTagDirect (Ordinal: 253, Address: 0x4ccd0)
SdbWriteWORDTag (Ordinal: 254, Address: 0x4cd30)
SetPermLayerState (Ordinal: 255, Address: 0x4aab0)
SetPermLayerStateEx (Ordinal: 256, Address: 0x4aae0)
SetPermLayers (Ordinal: 257, Address: 0x4ab20)
ShimDbgPrint (Ordinal: 258, Address: 0x384f0)
ShimDumpCache (Ordinal: 259, Address: 0x4abe0)
ShimFlushCache (Ordinal: 260, Address: 0x5a140)

Imported DLLs & Functions

api-ms-win-core-appcompat-l1-1-0.dll

BaseFlushAppcompatCache (Address: 0x78d0403c)
BaseIsAppcompatInfrastructureDisabled (Address: 0x78d04040)

api-ms-win-core-appcompat-l1-1-1.dll

BaseFreeAppCompatDataForProcess (Address: 0x78d0404c)
BaseReadAppCompatDataForProcess (Address: 0x78d04048)

api-ms-win-core-debug-l1-1-0.dll

DebugBreak (Address: 0x78d04054)
OutputDebugStringA (Address: 0x78d04058)

api-ms-win-core-errorhandling-l1-1-0.dll

GetLastError (Address: 0x78d0406c)
SetLastError (Address: 0x78d04064)
SetUnhandledExceptionFilter (Address: 0x78d04068)
UnhandledExceptionFilter (Address: 0x78d04060)

api-ms-win-core-file-l1-1-0.dll

CreateFileW (Address: 0x78d04080)
DeleteFileW (Address: 0x78d04078)
FindClose (Address: 0x78d04098)
FindFirstFileW (Address: 0x78d04088)
FindNextFileW (Address: 0x78d0409c)
GetDriveTypeW (Address: 0x78d0407c)
GetFileAttributesW (Address: 0x78d04094)
GetFinalPathNameByHandleW (Address: 0x78d0408c)
GetLongPathNameW (Address: 0x78d04084)
SetFilePointer (Address: 0x78d04090)
WriteFile (Address: 0x78d04074)

api-ms-win-core-file-l1-2-0.dll

GetTempPathW (Address: 0x78d040a4)

api-ms-win-core-handle-l1-1-0.dll

CloseHandle (Address: 0x78d040ac)

api-ms-win-core-heap-l1-1-0.dll

GetProcessHeap (Address: 0x78d040bc)
HeapAlloc (Address: 0x78d040b8)
HeapFree (Address: 0x78d040b4)

api-ms-win-core-libraryloader-l1-2-0.dll

DisableThreadLibraryCalls (Address: 0x78d040d8)
FreeLibrary (Address: 0x78d040e8)
GetModuleFileNameW (Address: 0x78d040c4)
GetModuleHandleExW (Address: 0x78d040d0)
GetModuleHandleW (Address: 0x78d040e0)
GetProcAddress (Address: 0x78d040dc)
LoadLibraryExW (Address: 0x78d040c8)
LoadResource (Address: 0x78d040d4)
LockResource (Address: 0x78d040cc)
SizeofResource (Address: 0x78d040e4)

api-ms-win-core-libraryloader-l1-2-1.dll

FindResourceW (Address: 0x78d040f0)

api-ms-win-core-localization-l1-2-0.dll

IsDBCSLeadByte (Address: 0x78d040fc)
VerLanguageNameW (Address: 0x78d040f8)

api-ms-win-core-localization-obsolete-l1-2-0.dll

GetUserDefaultUILanguage (Address: 0x78d04104)

api-ms-win-core-processenvironment-l1-1-0.dll

ExpandEnvironmentStringsW (Address: 0x78d04120)
FreeEnvironmentStringsW (Address: 0x78d0410c)
GetCurrentDirectoryW (Address: 0x78d0411c)
GetEnvironmentStringsW (Address: 0x78d04110)
GetEnvironmentVariableW (Address: 0x78d04118)
SetEnvironmentVariableW (Address: 0x78d04114)

api-ms-win-core-processthreads-l1-1-0.dll

CreateProcessW (Address: 0x78d04134)
CreateThread (Address: 0x78d04130)
GetCurrentProcess (Address: 0x78d04144)
GetCurrentProcessId (Address: 0x78d04138)
GetCurrentThreadId (Address: 0x78d0413c)
GetProcessTimes (Address: 0x78d04128)
ProcessIdToSessionId (Address: 0x78d0412c)
TerminateProcess (Address: 0x78d04140)

api-ms-win-core-processthreads-l1-1-1.dll

OpenProcess (Address: 0x78d0414c)

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter (Address: 0x78d04154)

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey (Address: 0x78d04160)
RegGetKeySecurity (Address: 0x78d0415c)

api-ms-win-core-string-l1-1-0.dll

WideCharToMultiByte (Address: 0x78d04168)

api-ms-win-core-synch-l1-1-0.dll

CreateWaitableTimerExW (Address: 0x78d04184)
DeleteCriticalSection (Address: 0x78d0418c)
EnterCriticalSection (Address: 0x78d04174)
InitializeCriticalSection (Address: 0x78d04188)
InitializeCriticalSectionAndSpinCount (Address: 0x78d04178)
LeaveCriticalSection (Address: 0x78d04190)
OpenMutexW (Address: 0x78d04170)
SetWaitableTimer (Address: 0x78d0417c)
WaitForSingleObject (Address: 0x78d04180)

api-ms-win-core-synch-l1-2-0.dll

Sleep (Address: 0x78d04198)

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemDirectoryW (Address: 0x78d041b0)
GetSystemTimeAsFileTime (Address: 0x78d041ac)
GetSystemWindowsDirectoryW (Address: 0x78d041a4)
GetTickCount (Address: 0x78d041a8)
GetTickCount64 (Address: 0x78d041a0)

api-ms-win-eventing-provider-l1-1-0.dll

EventRegister (Address: 0x78d041c4)
EventSetInformation (Address: 0x78d041b8)
EventUnregister (Address: 0x78d041bc)
EventWriteTransfer (Address: 0x78d041c0)

api-ms-win-security-base-l1-1-0.dll

AllocateAndInitializeSid (Address: 0x78d041cc)
EqualSid (Address: 0x78d041d0)
GetAce (Address: 0x78d041d4)
GetAclInformation (Address: 0x78d041d8)
GetSecurityDescriptorDacl (Address: 0x78d041dc)

KERNEL32.dll

CancelIo (Address: 0x78d04008)
CreateToolhelp32Snapshot (Address: 0x78d04014)
GetOverlappedResult (Address: 0x78d04004)
GetPackageFullName (Address: 0x78d04034)
IsWow64Process (Address: 0x78d04028)
LocalAlloc (Address: 0x78d04010)
LocalFree (Address: 0x78d0400c)
PackageIdFromFullName (Address: 0x78d0402c)
SetNamedPipeHandleState (Address: 0x78d04030)
Thread32First (Address: 0x78d04018)
Thread32Next (Address: 0x78d0401c)
WaitNamedPipeW (Address: 0x78d04000)
Wow64DisableWow64FsRedirection (Address: 0x78d04024)
Wow64RevertWow64FsRedirection (Address: 0x78d04020)

ntdll.dll

_stricmp (Address: 0x78d0431c)
_strlwr (Address: 0x78d04210)
_strnicmp (Address: 0x78d042e8)
_vscwprintf (Address: 0x78d043a8)
_vsnprintf (Address: 0x78d04318)
_vsnwprintf (Address: 0x78d04418)
_wcsicmp (Address: 0x78d0442c)
_wcslwr (Address: 0x78d04218)
_wcsnicmp (Address: 0x78d0441c)
_wcsupr_s (Address: 0x78d04204)
_wtoi (Address: 0x78d04360)
atol (Address: 0x78d04404)
EtwEventEnabled (Address: 0x78d04424)
EtwEventRegister (Address: 0x78d04428)
EtwEventUnregister (Address: 0x78d04420)
EtwEventWrite (Address: 0x78d04414)
EtwEventWriteNoRegistration (Address: 0x78d041f8)
LdrEnumerateLoadedModules (Address: 0x78d04264)
LdrFindEntryForAddress (Address: 0x78d0432c)
LdrGetDllHandle (Address: 0x78d04400)
LdrGetProcedureAddress (Address: 0x78d04244)
LdrGetProcedureAddressEx (Address: 0x78d04238)
LdrInitShimEngineDynamic (Address: 0x78d042fc)
LdrLoadDll (Address: 0x78d04430)
LdrResSearchResource (Address: 0x78d042cc)
memcmp (Address: 0x78d0446c)
memcpy (Address: 0x78d04470)
memmove (Address: 0x78d04408)
memset (Address: 0x78d04474)
NtApphelpCacheControl (Address: 0x78d043fc)
NtClose (Address: 0x78d04228)
NtCreateFile (Address: 0x78d043e8)
NtCreateKey (Address: 0x78d04374)
NtDeleteKey (Address: 0x78d0436c)
NtDeleteValueKey (Address: 0x78d04390)
NtOpenFile (Address: 0x78d0424c)
NtOpenKey (Address: 0x78d04440)
NtProtectVirtualMemory (Address: 0x78d0425c)
NtQueryAttributesFile (Address: 0x78d041fc)
NtQueryInformationFile (Address: 0x78d043a0)
NtQueryInformationProcess (Address: 0x78d042f4)
NtQueryObject (Address: 0x78d04200)
NtQuerySecurityObject (Address: 0x78d04250)
NtQueryValueKey (Address: 0x78d0443c)
NtReadFile (Address: 0x78d043d0)
NtSetInformationKey (Address: 0x78d04370)
NtSetValueKey (Address: 0x78d04394)
NtWriteFile (Address: 0x78d043c8)
qsort (Address: 0x78d043c4)
RtlAcquireSRWLockExclusive (Address: 0x78d04268)
RtlAcquireSRWLockShared (Address: 0x78d04270)
RtlAddVectoredExceptionHandler (Address: 0x78d04208)
RtlAllocateAndInitializeSid (Address: 0x78d04220)
RtlAllocateHeap (Address: 0x78d0445c)
RtlAnsiStringToUnicodeString (Address: 0x78d04300)
RtlAppendUnicodeStringToString (Address: 0x78d04378)
RtlAppendUnicodeToString (Address: 0x78d04454)
RtlCaptureContext (Address: 0x78d0440c)
RtlCaptureStackBackTrace (Address: 0x78d04308)
RtlCheckTokenMembership (Address: 0x78d04224)
RtlCompareMemory (Address: 0x78d04258)
RtlCopyUnicodeString (Address: 0x78d04458)
RtlCreateEnvironmentEx (Address: 0x78d043e4)
RtlCreateServiceSid (Address: 0x78d042dc)
RtlCreateUnicodeString (Address: 0x78d0439c)
RtlDeleteCriticalSection (Address: 0x78d04324)
RtlDestroyEnvironment (Address: 0x78d043d4)
RtlDoesFileExists_U (Address: 0x78d04398)
RtlDosPathNameToNtPathName_U (Address: 0x78d04384)
RtlDosPathNameToNtPathName_U_WithStatus (Address: 0x78d043ec)
RtlDuplicateUnicodeString (Address: 0x78d0444c)
RtlEnterCriticalSection (Address: 0x78d0430c)
RtlEqualSid (Address: 0x78d041e4)
RtlEqualString (Address: 0x78d042d0)
RtlExpandEnvironmentStrings_U (Address: 0x78d04438)
RtlFormatCurrentUserKeyPath (Address: 0x78d04460)
RtlFreeAnsiString (Address: 0x78d04334)
RtlFreeHeap (Address: 0x78d04444)
RtlFreeSid (Address: 0x78d04464)
RtlFreeUnicodeString (Address: 0x78d04448)
RtlGetDaclSecurityDescriptor (Address: 0x78d041e8)
RtlGetFileMUIPath (Address: 0x78d043a4)
RtlGetFullPathName_UEx (Address: 0x78d043f0)
RtlGetNativeSystemInformation (Address: 0x78d0429c)
RtlGetNtSystemRoot (Address: 0x78d041f4)
RtlGetOwnerSecurityDescriptor (Address: 0x78d04254)
RtlGetVersion (Address: 0x78d0438c)
RtlGUIDFromString (Address: 0x78d0427c)
RtlIdentifierAuthoritySid (Address: 0x78d041ec)
RtlImageDirectoryEntryToData (Address: 0x78d04240)
RtlInitAnsiString (Address: 0x78d0421c)
RtlInitAnsiStringEx (Address: 0x78d04304)
RtlInitializeCriticalSection (Address: 0x78d04328)
RtlInitializeSRWLock (Address: 0x78d04260)
RtlInitString (Address: 0x78d0423c)
RtlInitUnicodeString (Address: 0x78d043f4)
RtlInitUnicodeStringEx (Address: 0x78d04468)
RtlLeaveCriticalSection (Address: 0x78d04310)
RtlLengthRequiredSid (Address: 0x78d04248)
RtlMultiByteToUnicodeN (Address: 0x78d042d4)
RtlNtPathNameToDosPathName (Address: 0x78d04344)
RtlNtStatusToDosError (Address: 0x78d042f0)
RtlpEnsureBufferSize (Address: 0x78d04348)
RtlQueryEnvironmentVariable_U (Address: 0x78d04340)
RtlReAllocateHeap (Address: 0x78d043d8)
RtlReleaseSRWLockExclusive (Address: 0x78d0426c)
RtlReleaseSRWLockShared (Address: 0x78d04274)
RtlRunOnceExecuteOnce (Address: 0x78d04380)
RtlSecondsSince1970ToTime (Address: 0x78d04368)
RtlSetEnvironmentVar (Address: 0x78d043e0)
RtlSetEnvironmentVariable (Address: 0x78d0433c)
RtlSizeHeap (Address: 0x78d043dc)
RtlStringFromGUID (Address: 0x78d04450)
RtlSubAuthorityCountSid (Address: 0x78d042e4)
RtlSubAuthoritySid (Address: 0x78d042e0)
RtlTimeToTimeFields (Address: 0x78d04364)
RtlTryEnterCriticalSection (Address: 0x78d04314)
RtlUnicodeStringToAnsiString (Address: 0x78d04338)
RtlUnicodeStringToInteger (Address: 0x78d04354)
RtlUnwind (Address: 0x78d042d8)
RtlUpcaseUnicodeChar (Address: 0x78d04288)
RtlUpcaseUnicodeString (Address: 0x78d0437c)
RtlVerifyVersionInfo (Address: 0x78d042a0)
RtlWow64GetProcessMachines (Address: 0x78d04330)
RtlxAnsiStringToUnicodeSize (Address: 0x78d04290)
SbSelectProcedure (Address: 0x78d042ec)
sprintf_s (Address: 0x78d04230)
sscanf_s (Address: 0x78d04234)
strchr (Address: 0x78d0422c)
strcpy_s (Address: 0x78d0420c)
strncmp (Address: 0x78d042b4)
strrchr (Address: 0x78d04320)
strstr (Address: 0x78d04214)
strtok_s (Address: 0x78d042f8)
swprintf_s (Address: 0x78d043f8)
toupper (Address: 0x78d04280)
VerSetConditionMask (Address: 0x78d042c0)
wcscat_s (Address: 0x78d043ac)
wcschr (Address: 0x78d043bc)
wcscpy_s (Address: 0x78d043b0)
wcsncmp (Address: 0x78d041f0)
wcsrchr (Address: 0x78d04410)
wcsspn (Address: 0x78d043c0)
wcsstr (Address: 0x78d04434)
ZwClose (Address: 0x78d043b4)
ZwCreateFile (Address: 0x78d04284)
ZwCreateKey (Address: 0x78d04298)
ZwCreateSection (Address: 0x78d0428c)
ZwEnumerateKey (Address: 0x78d042b8)
ZwEnumerateValueKey (Address: 0x78d04358)
ZwMapViewOfSection (Address: 0x78d042b0)
ZwOpenFile (Address: 0x78d042c4)
ZwOpenKey (Address: 0x78d0434c)
ZwOpenProcessToken (Address: 0x78d042bc)
ZwQueryDirectoryFile (Address: 0x78d042a4)
ZwQueryInformationFile (Address: 0x78d042c8)
ZwQueryInformationProcess (Address: 0x78d04294)
ZwQueryInformationToken (Address: 0x78d042ac)
ZwQueryKey (Address: 0x78d0435c)
ZwQuerySystemInformation (Address: 0x78d04388)
ZwQuerySystemTime (Address: 0x78d043cc)
ZwQueryValueKey (Address: 0x78d043b8)
ZwSetInformationProcess (Address: 0x78d042a8)
ZwSetValueKey (Address: 0x78d04350)
ZwUnmapViewOfSection (Address: 0x78d04278)